Saturday, October 29, 2005

Singularity: A Next Generation OS

Here's a fascinating document from Microsoft Research detailing work on Singularity. It's an OS designed to support languages like Java and C# - so has been designed to support partitioned memory spaces, and to handle dependable code.
SIPs are the OS processes on Singularity. All code outside the kernel executes in a SIP. SIPs differ from conventional operating system processes in a number of ways:
  • SIPs are closed object spaces, not address spaces. Two Singularity processes cannot simultaneously access an object. Communications between processes transfers exclusive ownership of data.
  • SIPs are closed code spaces. A process cannot dynamically load or generate code.
  • SIPs do not rely on memory management hardware for isolation. Multiple SIPs can reside in a physical or virtual address space.
  • Communications between SIPs is through bidirectional, strongly typed, higher-order channels. A channel specifies its communications protocol as well as the values transferred, and both aspects are verified.
  • SIPs are inexpensive to create and communication between SIPs incurs low overhead. Low cost makes it practical to use SIPs as a fine-grain isolation and extension mechanism.
  • SIPs are created and terminated by the operating system, so that on termination, a SIP’s resources can be efficiently reclaimed.
  • SIPs executed independently, even to the extent of having different data layouts, run-time systems, and garbage collectors.
SIPs are not just used to encapsulate application extensions. Singularity uses a single mechanism for both protection and extensibility, instead of the conventional dual mechanisms of processes and dynamic code loading. As a consequence, Singularity needs only one error recovery model, one communication mechanism, one security policy, and one programming model, rather than the layers of partially redundant mechanisms and policies in current systems. A key experiment in Singularity is to construct an entire operating system using SIPs and demonstrate that the resulting system is more dependable than a conventional system.
Something to keep an eye on - this could be the type of approach needed to deliver modular OSes that run on hypervisors.


Anonymous ssavitzky said...

Oh, look! They've invented the B5500! Or was that USCD Pascal? Or the LISP Machine?

10/29/2005 08:57:00 pm  
Anonymous Anonymous said...

None of the above, ssavitzky. If you actually read the paper, you'll see that Singularity relies heavily on compile-time checking of code that eventually runs native, which is very different than running bytecode. They've also extended checking to a semantic level way above what bytecode can do; check out the protocol-specification part of Sing# to understand what that means.

It's easy to be a smartass about an OS based on a dialect of C#, but it just looks tiresome when the incorrectness of the hasty underlying assumptions is pointed out.

10/31/2005 01:26:00 pm  

Post a Comment

Links to this post:

Create a Link

<< Home